Harden a vestigial check against overflow inside png_zalloc

Reported-by: Sergio Atienza Pastor, MTP Métodos y Tecnología
Cosmin Truta 2025-07-03 22:42:11 +03:00
parent cf59edd364
commit 7cecdcae07

12
png.c

@ -108,10 +108,16 @@ png_zalloc,(voidpf png_ptr, uInt items, uInt size),PNG_ALLOCATED)
if (png_ptr == NULL)
return NULL;
if (items >= (~(png_alloc_size_t)0)/size)
/* This check against overflow is vestigial, dating back from
* the old times when png_zalloc used to be an exported function.
* We're still keeping it here for now, as an extra-cautious
* prevention against programming errors inside zlib, although it
* should rather be a debug-time assertion instead.
*/
if (size != 0 && items >= (~(png_alloc_size_t)0) / size)
{
png_warning (png_voidcast(png_structrp, png_ptr),
"Potential overflow in png_zalloc()");
png_warning(png_voidcast(png_structrp, png_ptr),
"Potential overflow in png_zalloc()");
return NULL;
}
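Review bot: The new comment above the guard explains why the overflow check is kept, but not what the added `size != 0` term is for, and that term is the actual hardening here. Without it, the division `(~(png_alloc_size_t)0) / size` is undefined when zlib passes a zero element size. I would add a sentence to the comment such as `The size != 0 test keeps the division below well-defined; a zero-size request is not an overflow and is passed on to the allocation code.` A request with `size == 0` now skips this branch and continues into the rest of png_zalloc, which lies outside this hunk. It is worth confirming that the multiplication and allocation below behave sensibly for a zero-byte request.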